AntiSpyware Pro 2009 Spyware Threat

online-spyware-scan.net - Rogueware - AntiSpyware Pro 2009 "AntiSpyware Pro 2009" is a new rogue antispyware application which display false alerts about suspicious files detected and prompt the user to purchase the application. This application has been reported by Lavasoft and CA earlier in March. Files, folders and registry removal information can be found on the Sunbelt website. AntiSpyware Pro 2009 removal information AntiSpyware Pro 2009 by Lavasoft Site screenshot: antispywarepro.net online-spyware-scan.net A fake scanner page is also on the sites: http://www.online-spyware-scan.net/online-scan.html?ewmid=224 Fake Admess.Trojan messages: Title: My computer Online Scan Fake virus linkemail-worm.win32.net
Analysis:
	Site URLs: antispywarepro.net/demo.php?ewmid=216       netspywarescan.com/demo.php?ewmid=216       online-spyware-scan.net/demo.php?ewmid=216       scanspywareonline.net/demo.php?ewmid=216     Payload:       antispywarepro.net/download/10520/216/AntiSpywarePro_Installer_eng.exe netspywarescan.com/download/10520/216/AntiSpywarePro_Installer_eng.exe online-spyware-scan.net/download/10520/216/AntiSpywarePro_Installer_eng.exe scanspywareonline.net/download/10520/216/AntiSpywarePro_Installer_eng.exe                     File info: AntiSpywarePro_Installer_eng.exe             File size 328453 bytes     MD5 9830148a6e41a8eaa5331297f1f75d1e                     VirusTotal: Report             First received 03.20.2009 16:10:29 (CET)     Results 3/39 (7.67%)             Sunbelt Malware ID 8007865             Alias: Rogue:W32/AntiSpyware.AF       Win32/Winwebsec
Application screenshot:
AntiSpyware Pro 2009 REMOVAL
	- Kill processes: AntiSpyware Pro.exe, Uninstall.exe - Delete registry keys and values: [HKEY_CURRENT_USER\Software\AntiSpyware Pro] [HKEY_CLASSES_ROOT\CLSID\{66B643BE-5E94-4569-B93E-CE2636848AC8}] [HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpyware Pro] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Explorer\Browser Helper Objects\{66B643BE-5E94-4569-B93E-CE2636848AC8}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Uninstall\AntiSpyware Pro] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] AntiSpyware Pro - Delete files and folders: ► %ProgramFiles%\AntiSpyware Pro Additional information to remove AntiSpyware Pro 2009 can be found on the Sunbelt website
Site associated with AntiSpyware Pro 2009
	domain sharing ip: 205.252.24.226 antispywarepro.net netspywarescan.com online-spyware-scan.net scanspywareonline.net